CVE-2025-11152
published 2025-09-30CVE-2025-11152: Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.
high8.6CVSS 3.1
AVNACLPRNUINSUCLIHAL
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 143.0.3-1 (sid) | firefox 143.0.3-1 (sid) |
| mozilla | firefox | < 143.0.3 | 143.0.3 |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
osv8.6HIGH